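/**
 * Attempts to authenticate a user by binding to the directory as that user.
 *
 * {@inheritdoc}
 *
 * With SSO enabled the bind goes over Kerberos, and only when the value
 * returned by getRemoteUserInput() is exactly the username being
 * authenticated. If it is not, no bind is performed and the attempt fails.
 * Note that $password is still passed to validateCredentials() in SSO mode
 * even though the Kerberos bind does not use it.
 *
 * @param string $username   Account name to authenticate.
 * @param string $password   Password used for the credential bind (non-SSO).
 * @param bool   $bindAsUser When false (default) the connection is re-bound
 *                           as administrator after a successful attempt.
 *
 * @return bool True only when a user bind was performed and raised no
 *              BindException; false otherwise.
 */
public function attempt($username, $password, $bindAsUser = false)
{
    // Runs outside the try block, so anything it raises for unusable
    // credentials propagates to the caller (its rules are not visible here).
    $this->validateCredentials($username, $password);

    try {
        if ($this->configuration->getUseSSO()) {
            // If SSO is enabled, we'll try binding over kerberos.
            $remoteUser = $this->getRemoteUserInput();
            $kerberos = $this->getKerberosAuthInput();

            // The remote identity must be a non-empty string identical to the
            // requested username. Strict comparison avoids PHP type juggling
            // (`==` treats numeric-looking strings as numbers and null as '').
            if (!is_string($remoteUser) || $remoteUser === '' || $remoteUser !== $username) {
                // No bind took place, so nothing has proven the caller's
                // identity. Previously this path fell through, rebound as
                // administrator and reported success.
                return false;
            }

            $this->bindUsingKerberos($kerberos);
        } else {
            // SSO isn't enabled, bind with the supplied credentials instead.
            $this->bindUsingCredentials($username, $password);
        }
    } catch (BindException $e) {
        // A failed bind is reported as false so callers can use a simple
        // if / else around this method.
        return false;
    }

    // If we're not allowed to stay bound as the user, rebind as administrator.
    if ($bindAsUser === false) {
        // Deliberately not wrapped in try/catch: a BindException raised here
        // is a rebind failure that callers are expected to handle.
        $this->bindAsAdministrator();
    }

    // A bind was performed and raised no exception: authentication passed.
    return true;
}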
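/**
 * Authenticates a user by binding to the directory, then optionally rebinds
 * as the configured administrator.
 *
 * {@inheritdoc}
 *
 * @param string $username      Account name to authenticate.
 * @param string $password      Password used for the credential bind (non-SSO).
 * @param bool   $preventRebind When true the administrator rebind is skipped.
 *
 * @return bool The result of the user bind; false when no bind was performed
 *              or the bind raised an AdldapException.
 *
 * @throws AdldapException When the administrator rebind leaves the connection unbound.
 */
public function authenticate($username, $password, $preventRebind = false)
{
    $auth = false;

    try {
        if ($this->configuration->getUseSSO()) {
            // If SSO is enabled, we'll try binding over kerberos.
            $remoteUser = $this->getRemoteUserInput();
            $kerberos = $this->getKerberosAuthInput();

            // Bind only when the remote identity is a non-empty string
            // identical to the requested username. Strict comparison avoids
            // PHP type juggling (`==` treats numeric-looking strings as
            // numbers and null as '').
            if (is_string($remoteUser) && $remoteUser !== '' && $remoteUser === $username) {
                $auth = $this->bindUsingKerberos($kerberos);
            }
        } else {
            // An LDAP simple bind with an empty name or password is an
            // anonymous / unauthenticated bind that many servers accept, so
            // it must never count as proof of identity. bindUsingCredentials()
            // is not visible here; the guard is kept local rather than
            // assuming it rejects empty values.
            $hasCredentials = $username !== null && $username !== ''
                && $password !== null && $password !== '';

            if ($hasCredentials) {
                // SSO isn't enabled, bind with the supplied credentials instead.
                $auth = $this->bindUsingCredentials($username, $password);
            }
        }
    } catch (AdldapException $e) {
        if ($preventRebind === true) {
            // Binding failed and we're not allowed to rebind: report failure.
            return $auth;
        }
        // Otherwise the failure is swallowed on purpose so the administrator
        // rebind below still runs; $auth stays false.
    }

    // If we're allowed to rebind, we'll rebind as administrator.
    if ($preventRebind === false) {
        $adminUsername = $this->configuration->getAdminUsername();
        $adminPassword = $this->configuration->getAdminPassword();

        $this->bindUsingCredentials($adminUsername, $adminPassword);

        if (!$this->connection->isBound()) {
            throw new AdldapException('Rebind to Active Directory failed. AD said: ' . $this->connection->getLastError());
        }
    }

    return $auth;
}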
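/**
 * Authenticates a user by binding to the directory, then optionally rebinds
 * as administrator.
 *
 * {@inheritdoc}
 *
 * @param string $username   Account name to authenticate.
 * @param string $password   Password used for the credential bind (non-SSO).
 * @param bool   $bindAsUser When false (default) the connection is re-bound
 *                           as administrator before returning.
 *
 * @return bool The result of the user bind; false when no bind was performed
 *              or an AdldapException was raised inside the try block.
 */
public function authenticate($username, $password, $bindAsUser = false)
{
    $auth = false;

    try {
        if ($this->configuration->getUseSSO()) {
            // If SSO is enabled, we'll try binding over kerberos.
            $remoteUser = $this->getRemoteUserInput();
            $kerberos = $this->getKerberosAuthInput();

            // Bind only when the remote identity is a non-empty string
            // identical to the requested username. Strict comparison avoids
            // PHP type juggling (`==` treats numeric-looking strings as
            // numbers and null as '').
            if (is_string($remoteUser) && $remoteUser !== '' && $remoteUser === $username) {
                $auth = $this->bindUsingKerberos($kerberos);
            }
        } else {
            // NOTE(review): this runs inside the try block, so if it signals
            // bad input with an AdldapException (or subclass) that exception
            // is caught below rather than reaching the caller - confirm this
            // is intended.
            $this->validateCredentials($username, $password);

            // SSO isn't enabled, bind with the supplied credentials instead.
            $auth = $this->bindUsingCredentials($username, $password);
        }
    } catch (AdldapException $e) {
        if ($bindAsUser === true) {
            // Binding failed and we're not allowed to rebind: report failure.
            return $auth;
        }
        // Otherwise the failure is swallowed on purpose so the administrator
        // rebind below still runs; $auth stays false.
    }

    // If we're not allowed to stay bound as the user, rebind as administrator.
    if ($bindAsUser === false) {
        $this->bindAsAdministrator();
    }

    return $auth;
}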
/**
 * Applies the configured transport and SSO options to the connection.
 *
 * SSL takes precedence: the TLS setting is only consulted when SSL is off.
 * When neither is enabled this method does nothing to secure the transport.
 *
 * @return void
 */
protected function prepareConnection()
{
    $config = $this->configuration;

    // Pick the protocol option for the connection from the configuration.
    if ($config->getUseSSL()) {
        $this->connection->useSSL();
    } else {
        if ($config->getUseTLS()) {
            $this->connection->useTLS();
        }
    }

    // Nothing more to do unless SSO was requested.
    if (!$config->getUseSSO()) {
        return;
    }

    // SSO is only attached to the LDAP connection when SASL is supported.
    // NOTE(review): if SSO is configured but SASL is unavailable, this is
    // skipped silently while getUseSSO() keeps returning true - confirm
    // callers handle that case.
    if ($this->connection->isSaslSupported()) {
        $this->connection->useSSO();
    }
}